Electronic Codebook Mode

cryptography

Definition

Electronic Codebook Mode

Electronic Codebook mode is a mode of operation for a block cipher in which each plaintext block is encrypted independently under the same key.

For plaintext blocks $P_1,\dots ,P_n$, the ciphertext blocks are:

$$C_i=E_k(P_i).$$

Mechanism

ECB applies the block cipher separately to each block. There is no chaining between blocks and no additional integrity check.

¹

This has several consequences:

• Equal plaintext blocks produce equal ciphertext blocks
• Ciphertext blocks can be copied, removed, or rearranged without affecting the decryption of other blocks
• A bit flip in a ciphertext block produces random errors exclusively in the corresponding plaintext block

Repeated plaintext blocks

If $P_i=P_j$, then

$$C_i=E_k(P_i)=E_k(P_j)=C_j.$$

So repeated structure in the plaintext remains visible in the ciphertext at the block level.

Avoidance

When to avoid ECB

ECB should be avoided, unless the message to be encrypted is not larger than a single block.

Block splicing

Because each block is independent, an attacker can often build a new valid ciphertext by reusing blocks from other valid ciphertexts.

This does not reveal the key, but it may still let the attacker create a ciphertext whose decrypted fields have a different meaning.

Badge forgery by block reuse

Suppose a badge plaintext is divided into four blocks:

$$B_1\parallel B_2\parallel B_3\parallel B_4,$$

where $B_4$ stores the user role.

If the attacker chooses the input so that $B_2$ decrypts to curator , then the ciphertext

$$C_1\parallel C_2\parallel C_3\parallel C_2$$

decrypts to a badge whose role block is curator .

Limitation

ECB provides neither semantic security for structured multi-block data nor integrity protection. For this reason, it is usually unsuitable for records, tokens, or other structured messages.

Footnotes

1. 192.019 Introduction to Security ↩